Dejan Kosutic is an expert in information security management and business continuity management. In this interview he talks about the key changes in the ISO 27001:2013 revision, the new security controls, mandatory documentation, implementation challenges, and much more.
What are the key changes in the ISO 27001:2013 revision, as well as the benefits?
The key benefit of this new ISO 27001 is that it can be more easily implemented in smaller companies – a greater degree of flexibility is allowed, and a smaller number of mandatory documents is needed. For instance, the risk assessment process is simplified, and there are no more requirements to document procedures like internal audit or corrective action.
What are the new security controls and how does the 2013 revision deal with new risks?